Device enrollment identity verification
Abstract
Provided are systems, processes, and methods for identity management, such as the verification of an identity of a user of device for securely onboarding a device remotely and other use cases. A user may access a webpage or obtain a native application on their device with which the user engages to prove their identity to an identity verifier delegated to attest to the identity of the user. A communication session is established between the user and the identity verifier via their respective devices. If the identity verifier attests to the asserted identity of the user, the device of the user may be issued a deep link, code, or other for the establishment or exchange of credential information with an identity management system. Embodiments of such systems may also be used for other instances of identity or device verification.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method for verifying an identity of a user, comprising:
receiving, from a device of a user, a request to verify an identity of the user;
receiving, from the device of the user, an initial user identifier by which a record associated with an asserted user identity is identifiable;
obtaining, from the device of the user, at least two device verification values;
obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user;
issuing, to the verifying user, a notification indicative of a pending identity verification request corresponding to the user;
receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user and providing for review by the verifying user on the verifying device the at least two device verification values;
establishing a chat session between the verifying device and the device of the user, wherein:
at least one attachment is detected as being uploaded by the device of the user; and
at least one audio or video communication session is detected between the verifying device and the device of the user;
after the detecting, receiving a selection performed by the verifying user on the verifying device to attest to the identity of the user as being the asserted user identity; and
in response to receiving the selection attesting to the identity of the user, permissioning establishment of a credential on the device of the user for the asserted user identity.
2. The method of claim 1 , wherein receiving, from a device of a user, a request to verify an identity of the user comprises:
receiving the request via a web page accessed by the device with a web browser,
receiving the request via a web application accessed by the device with the web browser,
receiving the request via an application programming interface, or
receiving the request via an identity management application executed by the device.
3. The method of claim 1 , wherein an initial user identifier is:
a username corresponding to the asserted user identity,
an email address corresponding to the asserted user identity,
a given name corresponding to the asserted user identity, or
an identification number corresponding to the asserted user identity.
4. The method of claim 1 , wherein obtaining, from the device of the user, at least two device verification values comprises:
obtaining a code transmitted to an account corresponding to the asserted user identity; and
obtaining at least one location value.
5. The method of claim 4 , wherein obtaining a code transmitted to an account corresponding to the asserted user identity comprises:
transmitting the code to a mobile telephone number associated with the asserted user identity,
transmitting the code to an email address associated with the asserted user identity, or
transmitting the code to a messaging service account associated with the asserted user identity.
6. The method of claim 4 , wherein obtaining at least one location value comprises one or more of:
obtaining global positioning system (GPS) location reported by a GPS receiver of the device,
obtaining an internet protocol-based location reported for the device, or
obtaining a wireless carrier-based location reported for the device.
7. The method of claim 1 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
obtaining user account information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user based on the user account information.
8. The method of claim 1 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
obtaining verifying device information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user to the verifying device.
9. The method of claim 1 , wherein receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user comprises:
receiving indication of the selection within a web page accessed by the verifying device under an account of the verifying user with a web browser,
receiving indication of the selection within a web application accessed by the device under the account of the verifying user with the web browser, or
receiving indication of the selection within an identity verification application executing on the verifying device of the verifying user.
10. The method of claim 1 , wherein providing for review by the verifying user on the verifying device the at least two device verification values comprises transmitting:
an indication of verification of a code received from the device, and
an indication of a location corresponding to the device.
11. The method of claim 1 , wherein establishing a chat session between the verifying device and the device of the user comprises:
initializing a first chat interface for display by the verifying device to the verifying user; and
initializing a second chat interface for display by the device to the user, wherein messages received from the respective devices are displayed within the chat interfaces.
12. The method of claim 11 , wherein detecting the at least one attachment as being uploaded by the device of the user comprises:
obtaining an indication of a selection of a user interface element within the second chat interface to capture an image with the device of the user or select an image or a file on the device of the user; and
receiving a selected file or image or a captured image submitted by the device of the user within the second chat interface, the submitting causing the selected file or image or the captured image to be displayed within the first chat interface.
13. The method of claim 11 , wherein detecting at least one audio or video communication session between the verifying device and the device of the user comprises:
obtaining an indication of a selection of a user interface element within the second chat interface or the first chat interface to establish an audio or video communication session; and
establishing, responsive to the indication of the selection, the audio or video communication session between the verifying device and the device of the user.
14. The method of claim 11 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
transmitting, to the device of the user, a selectable link displayed within the second chat interface, the selectable link configured to cause the device of the user to request the establishment of credentials.
15. The method of claim 14 , wherein the selectable link is a deep link into a native application.
16. The method of claim 1 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
transmitting, to the device of the user, a registration code for requesting the establishment of credentials.
17. The method of claim 16 , wherein the registration code is a selectable link that when selected causes the device of the user to request the establishment of credentials.
18. The method of claim 1 , wherein establishment of a credential on the device of the user for the asserted user identity comprises:
receiving a public key of a public-private key pair generated on the device of the user; and
associating the public key with a record corresponding to the asserted user identity.
19. The method of claim 18 , wherein one or more user credentials are established on the device of the user to govern access to the private key by the device subject to authentication of the user by the device on the one or more user credentials.
20. The method of claim 1 , further comprising:
permitting the device of the user access to a resource under the asserted user identity based on the credential.
21. A non-transitory computer-readable medium storing instructions that when executed by one or more processors cause the one or more processors to effectuate operations comprising:
receiving, from a device of a user, a request to verify an identity of the user;
receiving, from the device of the user, an initial user identifier by which a record associated with an asserted user identity is identifiable;
obtaining, from the device of the user, at least two device verification values;
obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user;
issuing, to the verifying user, a notification indicative of a pending identity verification request corresponding to the user;
receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user and providing for review by the verifying user on the verifying device the at least two device verification values;
establishing a chat session between the verifying device and the device of the user, wherein:
at least one attachment is detected as being uploaded by the device of the user; and
at least one audio or video communication session is detected between the verifying device and the device of the user;
after the detecting, receiving a selection performed by the verifying user on the verifying device to attest to the identity of the user as being the asserted user identity; and
in response to receiving the selection attesting to the identity of the user, permissioning establishment of a credential on the device of the user for the asserted user identity.
22. The non-transitory computer-readable medium of claim 21 , wherein receiving, from a device of a user, a request to verify an identity of the user comprises:
receiving the request via a web page accessed by the device with a web browser, receiving the request via a web application accessed by the device with the web browser,
receiving the request via an application programming interface, or
receiving the request via an identity management application executed by the device.
23. The non-transitory computer-readable medium of claim 21 , wherein an initial user identifier is:
a username corresponding to the asserted user identity,
an email address corresponding to the asserted user identity,
a given name corresponding to the asserted user identity, or
an identification number corresponding to the asserted user identity.
24. The non-transitory computer-readable medium of claim 21 , wherein obtaining, from the device of the user, at least two device verification values comprises:
obtaining a code transmitted to an account corresponding to the asserted user identity; and
obtaining at least one location value.
25. The non-transitory computer-readable medium of claim 24 , wherein obtaining a code transmitted to an account corresponding to the asserted user identity comprises:
transmitting the code to a mobile telephone number associated with the asserted user identity,
transmitting the code to an email address associated with the asserted user identity, or
transmitting the code to a messaging service account associated with the asserted user identity.
26. The non-transitory computer-readable medium of claim 24 , wherein obtaining at least one location value comprises one or more of:
obtaining global positioning system (GPS) location reported by a GPS receiver of the device,
obtaining an internet protocol-based location reported for the device, or
obtaining a wireless carrier-based location reported for the device.
27. The non-transitory computer-readable medium of claim 21 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
obtaining user account information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user based on the user account information.
28. The non-transitory computer-readable medium of claim 21 , wherein obtaining, based on the record associated with the asserted user identity, information corresponding to a verifying user having permissions to attest to the identity of the user comprises:
obtaining verifying device information corresponding to the verifying user and transmitting the notification indicative of the pending identity verification request corresponding to the user to the verifying device.
29. The non-transitory computer-readable medium of claim 21 , wherein receiving, from a verifying device accessing the notification, a selection to establish a communication session with the device of the user comprises:
receiving indication of the selection within a web page accessed by the verifying device under an account of the verifying user with a web browser,
receiving indication of the selection within a web application accessed by the device under the account of the verifying user with the web browser, or
receiving indication of the selection within an identity verification application executing on the verifying device of the verifying user.
30. The non-transitory computer-readable medium of claim 21 , wherein providing for review by the verifying user on the verifying device the at least two device verification values comprises transmitting:
an indication of verification of a code received from the device, and
an indication of a location corresponding to the device.
31. The non-transitory computer-readable medium of claim 21 , wherein establishing a chat session between the verifying device and the device of the user comprises:
initializing a first chat interface for display by the verifying device to the verifying user; and
initializing a second chat interface for display by the device to the user, wherein messages received from the respective devices are displayed within the chat interfaces.
32. The non-transitory computer-readable medium of claim 31 , wherein detecting the at least one attachment as being uploaded by the device of the user comprises:
obtaining an indication of a selection of a user interface element within the second chat interface to capture an image with the device of the user or select an image or a file on the device of the user; and
receiving a selected file or image or a captured image submitted by the device of the user within the second chat interface, the submitting causing the selected file or image or the captured image to be displayed within the first chat interface.
33. The non-transitory computer-readable medium of claim 31 , wherein detecting at least one audio or video communication session between the verifying device and the device of the user comprises:
obtaining an indication of a selection of a user interface element within the second chat interface or the first chat interface to establish an audio or video communication session; and
establishing, responsive to the indication of the selection, the audio or video communication session between the verifying device and the device of the user.
34. The non-transitory computer-readable medium of claim 31 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
transmitting, to the device of the user, a selectable link displayed within the second chat interface, the selectable link configured to cause the device of the user to request the establishment of credentials.
35. The non-transitory computer-readable medium of claim 34 , wherein the selectable link is a deep link into a native application.
36. The non-transitory computer-readable medium of claim 21 , wherein permissioning establishment of a credential on the device of the user for the asserted user identity comprises:
transmitting, to the device of the user, a registration code for requesting the establishment of credentials.
37. The non-transitory computer-readable medium of claim 36 , wherein the registration code is a selectable link that when selected causes the device of the user to request New establishment of credentials.
38. The non-transitory computer-readable medium of claim 21 , wherein establishment of a credential on the device of the user for the asserted user identity comprises:
receiving a public key of a public-private key pair generated on the device of the user; and
associating the public key with a record corresponding to the asserted user identity.
39. The non-transitory computer-readable medium of claim 38 , wherein one or more user credentials are established on the device of the user to govern access to the private key by the device subject to authentication of the user by the device on the one or more user credentials.
40. The non-transitory computer-readable medium of claim 21 , the operations further comprising:
permitting the device of the user access to a resource under the asserted user identity based on the credential.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.